Ransomware

Introduction to Ransomware

Ransomware is malicious software, created by cyber criminals, that blocks access to a computer system until a sum of money is paid to them.
Although ransomware is usually aimed at individuals, it is only a matter of time before businesses are targeted as well.

The infection process is similar to how any virus or malware gets onto a computer: email messages claiming to contain important attachments; drive-by downloads from websites or ads that seem to offer valuable or illegal content for free; fake antivirus or anti-malware downloads; social engineering; friends on social networks enticing you to click on certain links; distribution through botnets, and so on.

Ransomware has some key characteristics that set it apart from other malware:

1). Unbreakable encryption: you cannot decrypt the files on your own.
2). It encrypts all kinds of files: audio, video, images and so on.
3). It can scramble your filenames, so you cannot tell which data has been affected.
4). It can display an image or message telling you that your data has been encrypted and that you have to pay a specific amount of money to the attackers to get it back.
5). It requests payment in Bitcoin, because this cryptocurrency cannot be tracked.
6). It can spread to other PCs connected to the local network, which causes further damage.
And it can lead to many more severe consequences.

Ransomware variants observed so far include CryptoLocker, WannaCry, Bad Rabbit, Cerber, CrySiS, GoldenEye, CryptoWall, Jigsaw and Locky.

Methodology:

Phase 1:
Exploitation and infection: for the attack to succeed, the malicious ransomware file has to be executed on the victim's computer.
This is typically achieved through a phishing attack or an exploit kit. In the case of the CryptoLocker malware, the Angler exploit kit is a preferred method of gaining execution.

Phase 2:
Delivery and execution: during this phase the actual ransomware executables are delivered to the victim's system and run, which is the point at which the attack on that system begins.

Phase 3:
Backup spoliation: the ransomware targets the backup files and folders on the victim's system and removes them, to prevent restoration from backup.

Phase 4:
File encryption: once phase 3 is complete, the malware performs a secure key exchange with the command and control (C2) server, and the resulting keys are used to encrypt the files on the local system.

Phase 5:
User notification and cleanup: after the backups have been removed and the encryption is done, the extortion and payment instructions are displayed. The victim is given a time limit in which to pay.
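Phase 3 is the stage at which defenders have the best chance of catching the attack before the encryption in phase 4 does its damage, because deleting volume shadow copies and backup catalogs requires well-known administrative commands that normal users almost never run. The following Python script is an added example, not code from the original post: it scans process-creation log lines for those backup-destruction commands and then correlates them per host, raising a high-confidence finding when several distinct techniques fire on one machine within a short window. The log format, host and user names, rule names and the five-minute window are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample process-creation events (not real telemetry).
# Assumed format: "<ISO timestamp> host=<name> user=<name> cmd=<command line>"
SAMPLE_EVENTS = [
    "2024-01-01T10:00:01 host=ws01 user=alice cmd=C:\\Windows\\explorer.exe",
    "2024-01-01T10:00:05 host=ws01 user=alice cmd=vssadmin.exe delete shadows /all /quiet",
    "2024-01-01T10:00:06 host=ws01 user=alice cmd=wmic.exe shadowcopy delete",
    "2024-01-01T10:00:07 host=ws01 user=alice cmd=wbadmin.exe delete catalog -quiet",
    "2024-01-01T10:00:08 host=ws01 user=alice cmd=bcdedit.exe /set {default} recoveryenabled No",
    "2024-01-01T10:30:00 host=srv02 user=backupsvc cmd=vssadmin.exe list shadows",
]

# Detection rules for backup spoliation: (rule name, pattern matched against the command line).
# Listing shadow copies is benign and is deliberately not matched.
RULES = [
    ("vssadmin-delete-shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic-shadowcopy-delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin-delete-catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit-disable-recovery", re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I)),
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$"
)


@dataclass
class Alert:
    timestamp: datetime
    host: str
    user: str
    rule: str
    command: str


def parse_event(line: str):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def scan_events(lines):
    """Return one Alert per log line whose command line matches a backup-spoliation rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name, rx in RULES:
            if rx.search(ev["cmd"]):
                alerts.append(Alert(ev["ts"], ev["host"], ev["user"], name, ev["cmd"]))
                break  # one alert per event is enough
    return alerts


def hosts_with_burst(alerts, window_seconds=300, min_distinct_rules=2):
    """Return the hosts on which at least `min_distinct_rules` different
    backup-destruction techniques fired within `window_seconds` of each other.
    A single command may be an admin mistake; several in a row rarely are."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.host, []).append(a)
    flagged = set()
    for host, host_alerts in by_host.items():
        host_alerts.sort(key=lambda a: a.timestamp)
        for i, first in enumerate(host_alerts):
            rules = {first.rule}
            for later in host_alerts[i + 1:]:
                if (later.timestamp - first.timestamp).total_seconds() > window_seconds:
                    break
                rules.add(later.rule)
            if len(rules) >= min_distinct_rules:
                flagged.add(host)
                break
    return flagged


if __name__ == "__main__":
    found = scan_events(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a.rule}] {a.timestamp.isoformat()} {a.host} {a.user}: {a.command}")
    print("hosts with backup-spoliation burst:", hosts_with_burst(found))
```

Run against the constructed events, the script raises four alerts for ws01 and none for srv02 (listing shadow copies is normal backup-service behaviour), and the burst correlation singles out ws01. In a real deployment the same logic would sit on top of Windows process-creation auditing or an EDR feed, and the burst finding is the one worth paging on.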

How to protect your computer from Ransomware:

Several anti-virus companies have come up with ways to remove the malware itself, but that does not decrypt the encrypted files. Unfortunately, you do not have many options unless you have backups of your data, but you can protect your computer with some common sense.
Finally, always keep backups of your files.
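Backups are the recovery plan; the other half of protection is noticing the encryption early enough to pull the plug. The characteristics listed above (files rewritten as unreadable ciphertext, filenames scrambled or given a new extension) are exactly what a host-based monitor can look for. The following Python script is an added example, not code from the original post: it scores a batch of file writes on three indicators, a canary file being touched, a document gaining a second extension, and content whose Shannon entropy is close to that of random data, while exempting formats that are high-entropy by design. The file paths, the file contents, the canary directory name, the extension list and the thresholds are all constructed assumptions for the example.

```python
import hashlib
import math
from collections import Counter


def _pseudo_random(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 hash chain has
    near-maximal byte entropy, so the example runs the same every time."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed file contents (not real victim data)
PLAINTEXT = b"Quarterly report. Revenue grew 4% over the previous quarter. " * 60
CIPHERTEXT_LIKE = _pseudo_random(4096)

# Constructed write events: (path after the write, content written)
SAMPLE_WRITES = [
    ("C:/Users/alice/Documents/report.docx", PLAINTEXT),
    ("C:/Users/alice/Documents/budget.xlsx.locked", CIPHERTEXT_LIKE),
    ("C:/Users/alice/Documents/notes.txt.locked", CIPHERTEXT_LIKE),
    ("C:/Users/alice/Pictures/holiday.jpg.locked", CIPHERTEXT_LIKE),
    ("C:/Users/alice/Documents/photo.jpg", CIPHERTEXT_LIKE),  # compressed formats look random too
    ("C:/Users/alice/.canary/DO_NOT_TOUCH.txt", CIPHERTEXT_LIKE),
]

# Assumed: formats that are compressed or encrypted by design and therefore high-entropy when benign
COMPRESSED_EXTENSIONS = {"jpg", "jpeg", "png", "zip", "gz", "7z", "mp4", "mp3", "pdf", "docx", "xlsx"}
CANARY_DIR_MARKER = "/.canary/"   # assumed location of decoy files nobody should ever write to
ENTROPY_THRESHOLD = 7.5           # bits per byte; uniformly random data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input and 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def last_extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def indicators(path: str, data: bytes):
    """Reasons this write looks like ransomware activity; an empty list means benign."""
    reasons = []
    name = path.rsplit("/", 1)[-1]
    ext = last_extension(path)
    if CANARY_DIR_MARKER in path:
        reasons.append("canary-file-modified")
    # e.g. budget.xlsx.locked: the original extension is still visible under a new one
    if name.count(".") >= 2 and ext not in COMPRESSED_EXTENSIONS:
        reasons.append("double-extension-rename")
    if shannon_entropy(data) >= ENTROPY_THRESHOLD and ext not in COMPRESSED_EXTENSIONS:
        reasons.append("high-entropy-content")
    return reasons


def evaluate_batch(writes, min_fraction=0.5):
    """Score a batch of writes observed in one time window.
    Returns (alert, findings): alert is True if any canary was touched or if at
    least `min_fraction` of the writes carry an indicator."""
    findings = {path: indicators(path, data) for path, data in writes}
    canary_hit = any("canary-file-modified" in r for r in findings.values())
    suspicious = sum(1 for r in findings.values() if r)
    alert = canary_hit or suspicious / max(len(writes), 1) >= min_fraction
    return alert, findings


if __name__ == "__main__":
    alert, findings = evaluate_batch(SAMPLE_WRITES)
    for path, reasons in findings.items():
        print(f"{path}: {', '.join(reasons) or 'benign'}")
    print("ALERT" if alert else "no alert")
```

Two of the constructed writes show the caveats a practitioner needs: photo.jpg is high-entropy but exempt because JPEG is compressed by design, so entropy alone would flood the monitor with false positives, while the canary file is an alert on its own regardless of ratio. Everything here is after-the-fact scoring of a write batch; a real monitor would hook file-system notifications and, on alert, isolate the host rather than just print.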

1 Comment

  1. How to solve this problem if I have atk person?
    My data sawing but can't open.